I have a question about how they store the contacts. Can't they encrypt each of the phone numbers before they get sent to the server? This way there's no breach of privacy and the friend suggestion feature still works for everyone.
a cryptographic hash of a phone number on their server should match a cryptographic hash of a phone number in a contact list on a phone. The app sends the hash to the server, the server looks up users via the hash and responds with user data for matches.
To be honest this should be a third party service, since it sounds like every major social networking app is doing the same exact thing.
In my opinion, giving out your number, along with the hash of each phone number in your address book to an authority with millions of such hashes isn't appreciably better than giving them in plaintext.
But you wouldn't give out your number. I haven't completely thought it through but the service provider would provide an api for common platforms. All it would do is 2-way encrypt contact numbers (SSL?). Then the service would do a basic lookup using the encrypted data as a key. If there is a hit for this particular platform it'll return the platform specific data (in this case, like a path specific user id).
Of course the other side would be maintaining users in this service, which again is pretty straight forward.
(Hi David?... I'm the OTHER DJB, probably not the one you are thinking of)
That wouldn't add any real protection. Phone numbers is a very small set (100 million possible in the U.S. and Canada). A rainbow table of all possible combinations can be created in only a week or two.
Hashing phonenumber+userid does absolutely nothing for them, though.
The purpose of uploading your contacts is so that if Jack's phone number is (555) 555-5555, and Sam uploads a contact list saying that he is friends with a guy whose phone number is (555) 555-5555, Path can match up those two phone numbers (or hashed versions of them) and tell Sam that Jack is a member. That match-up doesn't work if the phone number is stored as (a hashed version of) 5555555555jack and 5555555555sam.
They could take the phone numbers, sort them and hash them together. So if Sam is 5 and Jack is 6, they both upload the hashed social relationship 56 to the system and it can match them up.
It wouldn't keep someone with access from checking if a social relationship existed in the database, but it should make recovering phone numbers and the like from the hashes quite a lot harder.
That only works though if you have both Jack & Sam's phone books (and they have each other in their books) so the hit rate would go down, possibly significantly.
I was hoping to see that they would just drop the entire database, and then implement hashing from here on out. Otherwise, the apology feels sincere and I appreciate it.
But hashing doesn't add any protection in this case. There are a very limited number of phone numbers in North America and so those hashes can be pre-computed and rainbow-tabled in a short, reasonable timeframe.
But the app would need to contain the salt in order to send it to Path's servers hashed and salted. So a hacker could decompile the app to determine the salt.
So you can opt out then, since they're not doing enough to address your concerns. They're being upfront about it, though, and putting that choice in your hands.
They are putting a false choice in your hands that they hope will lead to the status quo while still giving a show of making good on this issue. They could, through sophisticated hashing and matching algorithms, do the user matching without ever learning your contact details. But they aren't bothering to do that. Instead they are just planting a checkbox in front of the user before they go and violate their privacy, and they hope that the vast majority of users will just check it and they'll only lose data from a minority of privacy nuts. Which means Path will end up exactly where they would have been anyway - with a giant database of personally sensitive information sitting unencrypted on their servers, waiting to be exploited, abused or leaked.
The fact that they've already deleted all user address book data, and have an updated version of the app available today with a privacy option, is a big deal. I don't know how they managed to get an update to the app approved so quickly (24-48 hours?), they must have worked directly with Apple. A good sign, either way.
Any dev can appeal to Apple to expedite a review when there is a good reason. I've done it several times and they generally have it reviewed within a few hours and out within 24. It's good that they've done this though and deleted all the data.
IIRC, Path's CEO commented on the post that initially reported this behaviour saying that an update had been submitted that would make it an optional feature prior to the report.
You can't prove a negative. You can only prove the existence of certain data on a particular server, you can not prove that a company does not have certain data unless you are prepared - and they are willing - to give you full access to audit each and every byte on their systems and to wipe any parts that they can't explain and you can't find a way to decrypt.
Clearly that is not practical so we'll have to take them at their word, as it stands I think that if path is found out to be lying about this that it will come back to haunt them big time.
It probably would help if they had an outside auditor to verify the actions that were taken. Still wouldn't be final proof to anyone who believes that they might still be hiding something but is a step further than just saying "trust us".
Key paragraph: "We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path."
I would bold it if I were them. It's a nicely written message, but it reads like a lot of other PR apologies and it's easy to skim over it, deep in its position in the 5th paragraph.
Sometimes you need to make actions speak louder than words. :)
I don't think that you should assume that they are sorry that they "misused your phone contacts". This, like a lot of companies' efforts, is emblematic of their efforts to find out what people's (ever-expanding) comfort zone is when it comes to giving up their privacy. They (Path) are not looking at this as a philosophical failure (which would be cause for the apology you put forth)...they simply see it as an A/B test result ('sorry about making you uncomfortable').
"interesting how the concept of theft seems meaningless when applied to copyrighted material, but meaningful when applied to private data."
Not all that interesting.
Theft of personal data can cause real loss and harm if misused.
"Theft" of songs/movies does not cause any direct loss or harm, as no otherwise confidential information was exposed and the only "loss" is theoretical and hyper-inflated loss-of-potential-sales.
The issue here is one of violation of privacy and of confidentiality (if I was a journalist my contacts may be highly sensitive information), not of theft.
How does that apparent belief square with their actions though? If they really believed that you should have control over your personal information, and that your trust mattered, they would never have uploaded it without user consent.
It's not a "great save", it's a piece of PR flak arse-covering.
I completely agree. The engineers knew what they were doing when they design the app to upload all my info. This behavior should be illegal. I do not care what their BS press release says - they are just covering their a. I will never trust them ever again <\endrant>
"we’ve deleted the entire collection of user uploaded contact information from our servers"
Since we're talking about a fantastic breach of trust, I'd like clarification that all copies of all uploaded contact information have been deleted from all servers (even ones that one could argue are other people's), and from all backup media, and further that no effort will ever be made to try to recover this information.
Because, I'm sorry, but anybody who thinks its OK to violate someone's privacy like this is at best someone who is able to easily justify unethical behavior because they think their business might depend on it and at worst a sociopath.
There is not a human on earth who would not object if someone else picked up their phone and started looking through the contacts.
Path should come up with a Privacy Protection Program that commit them not to repeat their mistake. It's too easy to do something and ask for forgiveness later on. That would distinguish themselves from Facebook's way of doing things.
The could set up a company in the European Union, and hence be subject to EU Data Protection Law, which is stronger than the USA. They would then be risking fines and court orders for things like this. It would show that they don't think it'd happen again.
It would be a bit of an beaurocratic pain in the ass though.
Nice to see a transparent and timely response to this issue. I get the feeling that the startup world learned some serious lessons in crisis management after seeing the Airbnb nightmare unfold. At the end of the day, the customers/users are the real winners here.
Good for the most part, but does anyone feel like they deliberately left out what it was they're apologizing for?
I can imagine a user unaware of the recent event stumbling across this article and leaving confused about what wrong was committed. They sort of just assume you knew what happened, instead of explicitly explaining what they'd been doing.
But, they're taking steps to resolve the issue, apparently; so good on them.
"We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts."
Dave explained the issue well enough in the first paragraph.
I don't think that explains anything to someone not familiar with the scenario. It doesn't say how they handled transmission and storage of phone contacts, just that they did it in a bad way.
I don't think it's intentional, though. When writing this I doubt the audience in their minds were the people who don't know about the issue.
Given that they've removed all the data and updated the app, I'm not sure it's necessary that they give highly granular details as part of the apology.
If you put yourself in a user's shoes that doesn't know what the issue was then that is still generic. As a user who doesn't know the story I'd be wondering:
- Did they get hacked and now some unknown party may have the contents of my address book?
- Were they selling my information to others?
- Did something happen as it relates to storage that mixed up or deleted information
- Was my data being transmitted in the clear
- Was mt data being transmitted without my knowledge or approval?
Two of those things did happen but the user doesn't know for sure. To be fair though, I think their statement was enough. They really don't have to go into more details unless the situation calls for it and it doesn't right now. Those who know get the apology they deserve and those who don't continue using Path as if nothing ever happened. Win win.
Paragraph four, which answers questions 2 and 4 in your list and suggests that the answer to 1 and 3 is "No":
"In the interest of complete transparency we want to clarify that the use of this information is limited to improving the quality of friend suggestions when you use the ‘Add Friends’ feature and to notify you when one of your contacts joins Path––nothing else. We always transmit this and any other information you share on Path to our servers over an encrypted connection. It is also stored securely on our servers using industry standard firewall technology."
The actual problem was number 5, and they tell you exactly how they are fixing this: by deleting all existing data and letting people opt in to sharing it.
Actually, in the blog post by the guy who discovered that, he said he was able to read the data - meaning that it was transmitted NOT encrypted (please correct me if I am wrong).
Also, I hope that their "industry standard" firewall is better than their "industry best practices" data sharing practices.
Speaking as someone who has never heard of path before today I have no idea what they are apologizing for, and I'm scanning the HN comments hoping someone will list some background.
That was a deliberate mistake. at the first they said it's not a big deal (just like Airbnb did) but then when they saw the social media getting on fire they apologized.
Better they should not have done it, but good they took measures.
I'm kind of sick of this "let's revolt against everybody using my data" mentality. They don't persist your contact data to their server. What exactly is it that you're afraid of?
Moreover, how on earth did you think the "Add Friends" feature worked? I'm assuming at least some of you program software, and you should know that data doesn't just appear out of nowhere. Do you really expect a software startup to move every piece of data sorting & analyzing to the client side that has potential to piss off its userbase?
I understand that it's easy to just encrypt the information, or some other X remedy. I'm just saying there's a line between a software mistake and the let's-grab-the-pitchforks rhetoric that inevitably stems from stories like this.
If they aren't persisting your contact data to their server, how can they now say they deleted it all from their server? I was under the impression that storing your contact data was exactly what bothered people. Am I mistaken?
Moreover, how on earth did you think the "Add Friends" feature worked?
Unless all their userbase is composed of programmers or at least IT people, it's completely unreasonable to expect them to know that. I think they should, for their own sake, but as a app developer you can't assume they do.
It's a step in the right direction, but doesn't clear up all of the confusion. I can't update to 2.0.6 (it's not an option on my device, a 4th gen iPod touch running 2.0.5). In addition, how will adding friends work going forward -- Facebook Connect, or manual searches by name?
If you can run Path 2.0.5, you can run Path 2.0.6. I think you're confused because the AppStore hasn't actually updated yet to show 2.0.6. Try again later today.
They said everything will work exactly like before if you opt-in. So the second you click "accept" they have your entire address book until you email them and say please delete it.
This is smoke and mirrors and makes it sound like they've done a good deed.
Hmm, I read it more as "We actually have no idea what we're doing with any of this stuff and we're not giving you any more reasons to trust us with ANY data".
Yeah, that was kinda jarring, especially keeping their earlier claim about how silently stealing the address book was "industry best practice" fresh in mind.
Yep that sentence, and ones like it always worry me when I see them in companies' documentation about security. If the best thing you can say about your system and application security programme is that you use a firewall, that wouldn't fill me with a lot of confidence...
The right thing to do. However, their 2nd paragraph should have been the one starting with "We believe you should have control when it comes to sharing your personal information..."
The rest of it is a repeat of yesterday and is really not necessary.
I do want to know how I can backup by Path to a S3 or Dropbox account. Does anyone know if they support this?
I like the apology. They are doing to right things as well by deleting all of the existing data, but it is a lesson to all companies playing in the business-to-consumer space: Have clear and easy-to-read privacy policies and get explicit consent from users before you collect their data.
After reading the post, it is apparent that Path did nothing wrong except poorly communicating their procedures and policies.
Private social network seems almost oxymoron. To create large social network, a company has to tap into user's vast social network and try to get the user's friends/contacts to join in as well. And then to increase engagement or stickiness, you have to keep reminding them to come back. Otherwise, the social network company might not grow as fast as founders/investors would like and also most likely affect revenue.... It's a tough place to be, really. I don't condone their action. At the minimum, they should've gotten user's permission first.
As someone who is always concerned about my own privacy and the privacy of people who trust our company with their data, i am very pleased to see that when things do go wrong honesty is being appreciated.
While i don't think its acceptable to ever make this kind of mistake, we should also encourage companies to be upfront and honest about what went wrong and what they're going to do to make things better when issues come up.
This is a positive step forward for this company and tech companies as a whole. Having said that, maybe i would feel different however if i actually used this app?
Honestly, I keep hoping Apple adds a permission check for the contact list (like they do for GPS location). If the user says no, they should just return a blank contact list (to keep old apps happy that aren't expecting the call to fail).
It's crazy that they haven't added this already. Facebook needs to get my permission to find out where I am, but not to scrape a hundred names, phone numbers, and addresses out of my phone? Bizarre.
I realise you might be using Facebook as an example in a theoretical sense (i.e., that Apple believes protecting your location is more important than protecting your contact database), but in case you weren't, Facebook's "find friends" feature does give you an explanation of what is going to happen, asks you to confirm.
Here's the explanation:
"If you enable this feature, all contacts from your device (name, email address, phone number) will be sent to Facebook and be subject to Facebook's Privacy Policy, and your friends' profile photos and other info from Facebook will be added to your iPhone address book. Please make sure your friends are comfortable with any use you make of their information."
This is one of the few areas where the EU is (still...) ahead of the rest of the world. Facebook should not be able to collect data on your friends even at your request unless your friends explicitly consent to this.
Clearly your friends have no business passing on your data and Facebook has no business collecting it. "Make sure your friends are comfortable" is no excuse for facebook to go ahead and break the law.
Your neighbours to the north also have laws like this that are on par with the DPD. The EU treats PIPEDA as essentially an implementation of the DPD so that DPD compliant orgs can share data with Canadian businesses.
With the recent news, I'm confident they'll do just that in the next iteration. I also submitted a bug report to http://bugreporter.apple.com/, because I really believe it's the way it should be (even though it restricts me as a developer).
I also submitted another bug report (15th time, I believe) about iOS 5's stupid lack of support for audiobook chapters and podcasts...
I have to say, of all the comments here (and the large volume of downvoted ones), I don't see the problem wiht jsavimbi's comment. It does seem very strange to say "We are all about user choice and privacy" while apologizing for violating that credo.
Yeah, I don't consider an apology that blames ME an apology. You screwed up, full stop. You're shirking your responsibility if you're talking about my response to your mistake.
I was very critical of Path yesterday. Their initial response didn't really address the issue and was basically an excuse. But this has restored my faith. I never believed they were doing anything malicious with the data but the fact that they bill themselves as a trusted/private social network leads me to want to hold them to a higher standard.
The big thing in this apology is that they have deleted all the data. That was a good move and shows they listened to complaints. The app update is also smart. Hopefully they will implement a better friend finding system soon (maybe using the hashing ideas put forward in yesterdays HN thread).
They really need to update their privacy policy, which is currently mostly generic nonsense. https://path.com/privacy
Regardless of whether they throw up a confirmation prompt, their privacy policy needs to clearly describe what information is scraped from your phone, how it's used, and how long it's retained.
It's not a perfect solution, but I don't understand why Path don't hash the contact details before uploading them, and check against the hashes. You can still infer all kinds of social graph information, of course, but they're at least not consuming raw contact details.
Preface: I will joining Path this Summer, but I do not speak for the company in any way, nor have I spoken with them about the situation. This is a purely technical reply...
You cant guarantee a unique hash. When you hash users' data there is the possibility of collision; this probability grows with every new user. Without identifying data of some sort, it's difficult (impossible?) to get the exact user.
It doesn't matter. The purpose of the hash isn't to uniquely identify users, it's to narrow the list of users that need to be sent down to the phone. If Path could send their entire user database to the phone, they wouldn't need to send the contacts to their server.
The main purpose is to send you a push notification when your friend joins, since a push notification can't execute client side code... that wouldn't work.
Replying to Me1000, with hashes it would still be trivial to create a system that determines when a friend's signed up, and alerts you. That doesn't require a full address book entry - or any contact details at all beyond an identifier. It's not like Path is actually notifying using any of the contact details it stores, which means it's either representative of wasteful coding on their side, or of something else going on.
Hash collisions aren't a problem for this application and if we were to pretend that they were, that's solvable by using multiple hashing techniques at once.
That is incorrect. SHA1 still has no known collisions despite years of research and computing power dedicated to finding just one collision.
Edit: Furthermore since the set of valid emails and phone numbers is a very restricted set of input, it is extremely likely that there are literally no two valid email/phone numbers that SHA1 hash to the same value.
I agree that it's practically not a concern, but the local part of an email address[0] is up to 64 characters in an alphabet of size 72, and the domain part is 253+ characters in an alphabet of size 38, giving the valid email space a size of greater than 3e519, which is enough to guarantee collisions in SHA-512 and all of the SHA-3 finalists.
If the set of data did contain 3e519 entries then yes it certainly would generate collisions, however it you look at a more restrictive set of data, lets say 5 emails per person alive then you're looking at about 2^35 email addresses which could easily be hashed by MD5 with out a significant chance of collision.
Instead of an MD5 they could just as easily upload a bloomfilter which would expose even less data and would compress it significantly, however it would be more computationally expensive to generate matches that way vs. hashing.
Well, this isn't quite right--the domain of the hash function is a numerical representation of the user, maybe a 64-bit int, so it's obvious that you can engineer a non-colliding hash (trivially: the hash function is XOR). What's more interesting is whether there's a hash function such that Path can't infer the social graph from user requests without the user's permission. It seems to me a hash would be both one-way (obviously) and dense (so that a randomly generated request from a user would have a good chance of matching another user).
I can't think of a hash function without a good public-key infrastructure, which is obviously beyond Path's remit. Anyone aware of a solution to this?
You can guarantee a unique hash for all practical purposes. If you manage to find a collision in a robust cryptographic hash then the world of computing will have far more important things to worry about than a social network getting slightly confused.
If you accept and later decide you would like to revoke this access, please send an email to service@path.com and we will promptly see to it that your contact information is removed.
My only qualm is that you can't revoke the permission from within the app. The opt-out should be as easy as the opt-in.
I suspect this is because technically it would be a PITA to allow users to allow/revoke at their own discretion.
While I agree that it would be nice from the users point of view, the impact of pulling data from the kind of analysis I'd expect them to be doing is going to be a data analysts worse nightmare (i.e. holes in your data set can sporadically appear, so nothing is concrete and all analysis must be reverse-justifiable). If you can reduce the frequency this happens but still give the users the option, this seems like the best of both worlds.
219 comments
[ 4.4 ms ] story [ 230 ms ] threadTo be honest this should be a third party service, since it sounds like every major social networking app is doing the same exact thing.
(Hi Dan?)
Of course the other side would be maintaining users in this service, which again is pretty straight forward.
(Hi David?... I'm the OTHER DJB, probably not the one you are thinking of)
If they are going to hash the data, they should salt it (and possibly use key strengthening a la bcrypt, etc).
The purpose of uploading your contacts is so that if Jack's phone number is (555) 555-5555, and Sam uploads a contact list saying that he is friends with a guy whose phone number is (555) 555-5555, Path can match up those two phone numbers (or hashed versions of them) and tell Sam that Jack is a member. That match-up doesn't work if the phone number is stored as (a hashed version of) 5555555555jack and 5555555555sam.
It wouldn't keep someone with access from checking if a social relationship existed in the database, but it should make recovering phone numbers and the like from the hashes quite a lot harder.
That sounds like exactly what you were hoping for.
So, they haven't changed their implementation, they've just added the ability to opt out of the poor implementation.
They are putting a false choice in your hands that they hope will lead to the status quo while still giving a show of making good on this issue. They could, through sophisticated hashing and matching algorithms, do the user matching without ever learning your contact details. But they aren't bothering to do that. Instead they are just planting a checkbox in front of the user before they go and violate their privacy, and they hope that the vast majority of users will just check it and they'll only lose data from a minority of privacy nuts. Which means Path will end up exactly where they would have been anyway - with a giant database of personally sensitive information sitting unencrypted on their servers, waiting to be exploited, abused or leaked.
Better than ATT, VZW, MS, TW, Comcast, or any national US bank.
Clearly that is not practical so we'll have to take them at their word, as it stands I think that if path is found out to be lying about this that it will come back to haunt them big time.
Great save for a bad mistake.
Sometimes you need to make actions speak louder than words. :)
Better would have been 'we are sorry we misused your phone contacts', rather than trying to make the users responsible by invoking their feelings.
Aside: interesting how the concept of theft seems meaningless when applied to copyrighted material, but meaningful when applied to private data.
Not all that interesting.
Theft of personal data can cause real loss and harm if misused.
"Theft" of songs/movies does not cause any direct loss or harm, as no otherwise confidential information was exposed and the only "loss" is theoretical and hyper-inflated loss-of-potential-sales.
The issue here is one of violation of privacy and of confidentiality (if I was a journalist my contacts may be highly sensitive information), not of theft.
"We are deeply sorry if you were uncomfortable with how our application used your phone contacts."
Should have been:
"We are deeply sorry that we appropriated your personal contact information and uploaded it to our servers without authorization or consent"
No real admission of wrongdoing or responsibility, only a fool would go back to trusting this company.
I assume that you are not ware of the FTC fine involved if they kept the data, right?
Its almost as bad was Zynga pulled its first year in operations
Still leaves me with a shitty feeling. Basically this boils down to "sorry we got caught", they knew what they were doing.
Not to single out Path, a massive number of apps are guilty of this behavior.
And so is Apple. I am alarmed that any 2 bit app can access and upload all my personal contact information for any use they want to.
It's not a "great save", it's a piece of PR flak arse-covering.
I'm not so sure.
The updated iPhone app does the right thing.
What do the apps not updated to the latest version do? Does it re-upload the contacts? If it does, what does the server do with the data?
Since we're talking about a fantastic breach of trust, I'd like clarification that all copies of all uploaded contact information have been deleted from all servers (even ones that one could argue are other people's), and from all backup media, and further that no effort will ever be made to try to recover this information.
Because, I'm sorry, but anybody who thinks its OK to violate someone's privacy like this is at best someone who is able to easily justify unethical behavior because they think their business might depend on it and at worst a sociopath.
There is not a human on earth who would not object if someone else picked up their phone and started looking through the contacts.
TO FEEL, as in "we still don't give a shit whether you actually _ARE_ completely in control of your information"
Why would I not trust them with my contact info but trust that they actually have deleted it and there are no copies.
Also, these are developers, there are copies, it's a near certainty.
It would be a bit of an beaurocratic pain in the ass though.
I can imagine a user unaware of the recent event stumbling across this article and leaving confused about what wrong was committed. They sort of just assume you knew what happened, instead of explicitly explaining what they'd been doing.
But, they're taking steps to resolve the issue, apparently; so good on them.
Dave explained the issue well enough in the first paragraph.
I don't think it's intentional, though. When writing this I doubt the audience in their minds were the people who don't know about the issue.
- Did they get hacked and now some unknown party may have the contents of my address book?
- Were they selling my information to others?
- Did something happen as it relates to storage that mixed up or deleted information
- Was my data being transmitted in the clear
- Was mt data being transmitted without my knowledge or approval?
Two of those things did happen but the user doesn't know for sure. To be fair though, I think their statement was enough. They really don't have to go into more details unless the situation calls for it and it doesn't right now. Those who know get the apology they deserve and those who don't continue using Path as if nothing ever happened. Win win.
"In the interest of complete transparency we want to clarify that the use of this information is limited to improving the quality of friend suggestions when you use the ‘Add Friends’ feature and to notify you when one of your contacts joins Path––nothing else. We always transmit this and any other information you share on Path to our servers over an encrypted connection. It is also stored securely on our servers using industry standard firewall technology."
The actual problem was number 5, and they tell you exactly how they are fixing this: by deleting all existing data and letting people opt in to sharing it.
Also, I hope that their "industry standard" firewall is better than their "industry best practices" data sharing practices.
For the benefit of anyone else who is confused: http://mclov.in/2012/02/08/path-uploads-your-entire-address-...
Moreover, how on earth did you think the "Add Friends" feature worked? I'm assuming at least some of you program software, and you should know that data doesn't just appear out of nowhere. Do you really expect a software startup to move every piece of data sorting & analyzing to the client side that has potential to piss off its userbase?
I understand that it's easy to just encrypt the information, or some other X remedy. I'm just saying there's a line between a software mistake and the let's-grab-the-pitchforks rhetoric that inevitably stems from stories like this.
Unless all their userbase is composed of programmers or at least IT people, it's completely unreasonable to expect them to know that. I think they should, for their own sake, but as a app developer you can't assume they do.
Will hashing be implemented?
This is smoke and mirrors and makes it sound like they've done a good deed.
Written by their CEO => icing on the cake.
The rest of it is a repeat of yesterday and is really not necessary.
I do want to know how I can backup by Path to a S3 or Dropbox account. Does anyone know if they support this?
After reading the post, it is apparent that Path did nothing wrong except poorly communicating their procedures and policies.
/s
While i don't think its acceptable to ever make this kind of mistake, we should also encourage companies to be upfront and honest about what went wrong and what they're going to do to make things better when issues come up.
This is a positive step forward for this company and tech companies as a whole. Having said that, maybe i would feel different however if i actually used this app?
Here's the explanation:
"If you enable this feature, all contacts from your device (name, email address, phone number) will be sent to Facebook and be subject to Facebook's Privacy Policy, and your friends' profile photos and other info from Facebook will be added to your iPhone address book. Please make sure your friends are comfortable with any use you make of their information."
See: http://en.wikipedia.org/wiki/Data_Protection_Directive
This is one of the few areas where the EU is (still...) ahead of the rest of the world. Facebook should not be able to collect data on your friends even at your request unless your friends explicitly consent to this.
Clearly your friends have no business passing on your data and Facebook has no business collecting it. "Make sure your friends are comfortable" is no excuse for facebook to go ahead and break the law.
https://developer.apple.com/library/ios/#DOCUMENTATION/Audio...
I also submitted another bug report (15th time, I believe) about iOS 5's stupid lack of support for audiobook chapters and podcasts...
Note to app builders: never hire a PR firm to do your dirty work.
Undoubtably in plaintext. Having "industry standard firewall technology" didn't do jack for Zappos, why would Path's data be any more secure?
The big thing in this apology is that they have deleted all the data. That was a good move and shows they listened to complaints. The app update is also smart. Hopefully they will implement a better friend finding system soon (maybe using the hashing ideas put forward in yesterdays HN thread).
Regardless of whether they throw up a confirmation prompt, their privacy policy needs to clearly describe what information is scraped from your phone, how it's used, and how long it's retained.
You cant guarantee a unique hash. When you hash users' data there is the possibility of collision; this probability grows with every new user. Without identifying data of some sort, it's difficult (impossible?) to get the exact user.
Edit: Furthermore since the set of valid emails and phone numbers is a very restricted set of input, it is extremely likely that there are literally no two valid email/phone numbers that SHA1 hash to the same value.
[0] http://tools.ietf.org/html/rfc3696
Instead of an MD5 they could just as easily upload a bloomfilter which would expose even less data and would compress it significantly, however it would be more computationally expensive to generate matches that way vs. hashing.
This is matching user email addresses so they can spam you and your friends and grow their company on the back of dodgy practices.
I can't think of a hash function without a good public-key infrastructure, which is obviously beyond Path's remit. Anyone aware of a solution to this?
Dave's message is straightforward and sincere.
Even if that weren't the case, "better than Facebook" is a pretty low bar. "Worse than Facebook" is way, way out of bounds.
My only qualm is that you can't revoke the permission from within the app. The opt-out should be as easy as the opt-in.
While I agree that it would be nice from the users point of view, the impact of pulling data from the kind of analysis I'd expect them to be doing is going to be a data analysts worse nightmare (i.e. holes in your data set can sporadically appear, so nothing is concrete and all analysis must be reverse-justifiable). If you can reduce the frequency this happens but still give the users the option, this seems like the best of both worlds.